@directus/api 32.1.0 → 32.2.0

package/dist/{mcp → ai/tools}/types.d.ts

@@ -1,4 +1,4 @@
-import type { Accountability, Query, SchemaOverview } from '@directus/types';
+import type { Accountability, SchemaOverview } from '@directus/types';
 import type { ToolAnnotations } from '@modelcontextprotocol/sdk/types.js';
 import type { ZodType } from 'zod';
 export type ToolResultBase = {
@@ -18,7 +18,6 @@ export type ToolResult = TextToolResult | AssetToolResult;
 export type ToolHandler<T> = {
     (options: {
         args: T;
-        sanitizedQuery: Query;
         schema: SchemaOverview;
         accountability: Accountability | undefined;
     }): Promise<ToolResult | undefined>;
@@ -39,18 +38,3 @@ export interface ToolConfig<T> {
     annotations?: ToolAnnotations;
     handler: ToolHandler<T>;
 }
-export interface Prompt {
-    name: string;
-    system_prompt?: string | null;
-    description?: string;
-    messages: {
-        role: 'user' | 'assistant';
-        text: string;
-    }[];
-}
-export interface MCPOptions {
-    promptsCollection?: string;
-    allowDeletes?: boolean;
-    systemPromptEnabled?: boolean;
-    systemPrompt?: string | null;
-}

package/dist/ai/tools/utils.d.ts

@@ -0,0 +1,9 @@
+import type { Accountability, SchemaOverview } from '@directus/types';
+/**
+ * Build a sanitized query object from a tool's args payload.
+ * - Ensures fields defaults to '*' when not provided
+ * - Returns an empty object when no args.query is present
+ */
+export declare function buildSanitizedQueryFromArgs<T extends {
+    query?: Record<string, any> | undefined;
+}>(args: T, schema: SchemaOverview, accountability?: Accountability | null): Promise<Record<string, any>>;

package/dist/ai/tools/utils.js

@@ -0,0 +1,17 @@
+import { sanitizeQuery } from '../../utils/sanitize-query.js';
+/**
+ * Build a sanitized query object from a tool's args payload.
+ * - Ensures fields defaults to '*' when not provided
+ * - Returns an empty object when no args.query is present
+ */
+export async function buildSanitizedQueryFromArgs(args, schema, accountability) {
+    let sanitizedQuery = {};
+    if (args?.query) {
+        const q = args.query;
+        sanitizedQuery = await sanitizeQuery({
+            fields: q['fields'] ?? '*',
+            ...q,
+        }, schema, accountability ?? undefined);
+    }
+    return sanitizedQuery;
+}

package/dist/app.js

@@ -68,6 +68,7 @@ import projectSchedule from './schedules/project.js';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
 import { Url } from './utils/url.js';
 import { validateStorage } from './utils/validate-storage.js';
+import { aiChatRouter } from './ai/chat/router.js';
 const require = createRequire(import.meta.url);
 export default async function createApp() {
     const env = useEnv();
@@ -84,6 +85,9 @@ export default async function createApp() {
     if (!env['SECRET']) {
         logger.warn(`"SECRET" env variable is missing. Using a random value instead. Tokens will not persist between restarts. This is not appropriate for production usage.`);
     }
+    if (typeof env['SECRET'] === 'string' && Buffer.byteLength(env['SECRET']) < 32) {
+        logger.warn('"SECRET" env variable is shorter than 32 bytes which is insecure. This is not appropriate for production usage.');
+    }
     if (!new Url(env['PUBLIC_URL']).isAbsolute()) {
         logger.warn('"PUBLIC_URL" should be a full URL');
     }
@@ -231,6 +235,7 @@ export default async function createApp() {
     if (toBoolean(env['MCP_ENABLED']) === true) {
         app.use('/mcp', mcpRouter);
     }
+    app.use('/ai/chat', aiChatRouter);
     if (env['METRICS_ENABLED'] === true) {
         app.use('/metrics', metricsRouter);
     }

package/dist/auth/drivers/oauth2.d.ts

@@ -5,11 +5,12 @@ import type { RoleMap } from '../../types/rolemap.js';
 import { LocalAuthDriver } from './local.js';
 export declare class OAuth2AuthDriver extends LocalAuthDriver {
     client: Client;
+    redirectUrl: string;
     config: Record<string, any>;
     roleMap: RoleMap;
     constructor(options: AuthDriverOptions, config: Record<string, any>);
     generateCodeVerifier(): string;
-    generateAuthUrl(codeVerifier: string, prompt?: boolean, callbackUrl?: string): string;
+    generateAuthUrl(codeVerifier: string, prompt?: boolean): string;
     private fetchUserId;
     getUserID(payload: Record<string, any>): Promise<string>;
     login(user: User): Promise<void>;

package/dist/auth/drivers/oauth2.js

@@ -16,37 +16,40 @@ import { AuthenticationService } from '../../services/authentication.js';
 import asyncHandler from '../../utils/async-handler.js';
 import { getConfigFromEnv } from '../../utils/get-config-from-env.js';
 import { getIPFromReq } from '../../utils/get-ip-from-req.js';
-import { getSchema } from '../../utils/get-schema.js';
 import { getSecret } from '../../utils/get-secret.js';
+import { isLoginRedirectAllowed } from '../../utils/is-login-redirect-allowed.js';
 import { verifyJWT } from '../../utils/jwt.js';
 import { Url } from '../../utils/url.js';
-import { generateCallbackUrl } from '../utils/generate-callback-url.js';
-import { isLoginRedirectAllowed } from '../utils/is-login-redirect-allowed.js';
 import { LocalAuthDriver } from './local.js';
+import { getSchema } from '../../utils/get-schema.js';
 export class OAuth2AuthDriver extends LocalAuthDriver {
     client;
+    redirectUrl;
     config;
     roleMap;
     constructor(options, config) {
         super(options, config);
+        const env = useEnv();
         const logger = useLogger();
         const { authorizeUrl, accessUrl, profileUrl, clientId, clientSecret, ...additionalConfig } = config;
         if (!authorizeUrl || !accessUrl || !profileUrl || !clientId || !clientSecret || !additionalConfig['provider']) {
             logger.error('Invalid provider config');
             throw new InvalidProviderConfigError({ provider: additionalConfig['provider'] });
         }
+        const redirectUrl = new Url(env['PUBLIC_URL']).addPath('auth', 'login', additionalConfig['provider'], 'callback');
+        this.redirectUrl = redirectUrl.toString();
         this.config = additionalConfig;
         this.roleMap = {};
         const roleMapping = this.config['roleMapping'];
+        if (roleMapping) {
+            this.roleMap = roleMapping;
+        }
         // role mapping will fail on login if AUTH_<provider>_ROLE_MAPPING is an array instead of an object.
         // This happens if the 'json:' prefix is missing from the variable declaration. To save the user from exhaustive debugging, we'll try to fail early here.
         if (roleMapping instanceof Array) {
             logger.error("[OAuth2] Expected a JSON-Object as role mapping, got an Array instead. Make sure you declare the variable with 'json:' prefix.");
             throw new InvalidProviderError();
         }
-        if (roleMapping) {
-            this.roleMap = roleMapping;
-        }
         const issuer = new Issuer({
             authorization_endpoint: authorizeUrl,
             token_endpoint: accessUrl,
@@ -64,6 +67,7 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
         this.client = new issuer.Client({
             client_id: clientId,
             client_secret: clientSecret,
+            redirect_uris: [this.redirectUrl],
             response_types: ['code'],
             ...clientOptionsOverrides,
         });
@@ -71,7 +75,7 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
     generateCodeVerifier() {
         return generators.codeVerifier();
     }
-    generateAuthUrl(codeVerifier, prompt = false, callbackUrl) {
+    generateAuthUrl(codeVerifier, prompt = false) {
         const { plainCodeChallenge } = this.config;
         try {
             const codeChallenge = plainCodeChallenge ? codeVerifier : generators.codeChallenge(codeVerifier);
@@ -85,7 +89,6 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
                 code_challenge_method: plainCodeChallenge ? 'plain' : 'S256',
                 // Some providers require state even with PKCE
                 state: codeChallenge,
-                redirect_uri: callbackUrl,
             });
         }
         catch (e) {
@@ -113,7 +116,7 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
             const codeChallenge = plainCodeChallenge
                 ? payload['codeVerifier']
                 : generators.codeChallenge(payload['codeVerifier']);
-            tokenSet = await this.client.oauthCallback(payload['redirectUri'], { code: payload['code'], state: payload['state'] }, { code_verifier: payload['codeVerifier'], state: codeChallenge });
+            tokenSet = await this.client.oauthCallback(this.redirectUrl, { code: payload['code'], state: payload['state'] }, { code_verifier: payload['codeVerifier'], state: codeChallenge });
             userInfo = await this.client.userinfo(tokenSet.access_token);
         }
         catch (e) {
@@ -272,19 +275,12 @@ export function createOAuth2AuthRouter(providerName) {
         const provider = getAuthProvider(providerName);
         const codeVerifier = provider.generateCodeVerifier();
         const prompt = !!req.query['prompt'];
-        const otp = req.query['otp'];
         const redirect = req.query['redirect'];
-        if (!isLoginRedirectAllowed(providerName, `${req.protocol}://${req.hostname}`, redirect)) {
+        const otp = req.query['otp'];
+        if (isLoginRedirectAllowed(redirect, providerName) === false) {
             throw new InvalidPayloadError({ reason: `URL "${redirect}" can't be used to redirect after login` });
         }
-        const callbackUrl = generateCallbackUrl(providerName, `${req.protocol}://${req.get('host')}`);
-        const token = jwt.sign({
-            verifier: codeVerifier,
-            redirect,
-            prompt,
-            otp,
-            callbackUrl,
-        }, getSecret(), {
+        const token = jwt.sign({ verifier: codeVerifier, redirect, prompt, otp }, getSecret(), {
             expiresIn: '5m',
             issuer: 'directus',
         });
@@ -292,7 +288,7 @@ export function createOAuth2AuthRouter(providerName) {
             httpOnly: true,
             sameSite: 'lax',
         });
-        return res.redirect(provider.generateAuthUrl(codeVerifier, prompt, callbackUrl));
+        return res.redirect(provider.generateAuthUrl(codeVerifier, prompt));
     }, respond);
     router.post('/callback', express.urlencoded({ extended: false }), (req, res) => {
         res.redirect(303, `./callback?${new URLSearchParams(req.body)}`);
@@ -307,7 +303,7 @@ export function createOAuth2AuthRouter(providerName) {
             logger.warn(e, `[OAuth2] Couldn't verify OAuth2 cookie`);
             throw new InvalidCredentialsError();
         }
-        const { verifier, prompt, otp, callbackUrl } = tokenData;
+        const { verifier, prompt, otp } = tokenData;
         let { redirect } = tokenData;
         const accountability = createDefaultAccountability({
             ip: getIPFromReq(req),
@@ -330,7 +326,6 @@ export function createOAuth2AuthRouter(providerName) {
                 code: req.query['code'],
                 codeVerifier: verifier,
                 state: req.query['state'],
-                callbackUrl,
             }, { session: authMode === 'session', ...(otp ? { otp: String(otp) } : {}) });
         }
         catch (error) {

package/dist/auth/drivers/openid.d.ts

@@ -5,12 +5,13 @@ import type { RoleMap } from '../../types/rolemap.js';
 import { LocalAuthDriver } from './local.js';
 export declare class OpenIDAuthDriver extends LocalAuthDriver {
     client: null | Client;
+    redirectUrl: string;
     config: Record<string, any>;
     roleMap: RoleMap;
     constructor(options: AuthDriverOptions, config: Record<string, any>);
     private getClient;
     generateCodeVerifier(): string;
-    generateAuthUrl(codeVerifier: string, prompt?: boolean, callbackUrl?: string): Promise<string>;
+    generateAuthUrl(codeVerifier: string, prompt?: boolean): Promise<string>;
     private fetchUserId;
     getUserID(payload: Record<string, any>): Promise<string>;
     login(user: User): Promise<void>;

package/dist/auth/drivers/openid.js

@@ -16,19 +16,20 @@ import { AuthenticationService } from '../../services/authentication.js';
 import asyncHandler from '../../utils/async-handler.js';
 import { getConfigFromEnv } from '../../utils/get-config-from-env.js';
 import { getIPFromReq } from '../../utils/get-ip-from-req.js';
-import { getSchema } from '../../utils/get-schema.js';
 import { getSecret } from '../../utils/get-secret.js';
+import { isLoginRedirectAllowed } from '../../utils/is-login-redirect-allowed.js';
 import { verifyJWT } from '../../utils/jwt.js';
 import { Url } from '../../utils/url.js';
-import { generateCallbackUrl } from '../utils/generate-callback-url.js';
-import { isLoginRedirectAllowed } from '../utils/is-login-redirect-allowed.js';
 import { LocalAuthDriver } from './local.js';
+import { getSchema } from '../../utils/get-schema.js';
 export class OpenIDAuthDriver extends LocalAuthDriver {
     client;
+    redirectUrl;
     config;
     roleMap;
     constructor(options, config) {
         super(options, config);
+        const env = useEnv();
         const logger = useLogger();
         const { issuerUrl, clientId, clientSecret, clientPrivateKeys, clientTokenEndpointAuthMethod, provider, issuerDiscoveryMustSucceed, } = config;
         const isPrivateKeyJwtAuthMethod = clientTokenEndpointAuthMethod === 'private_key_jwt';
@@ -36,6 +37,8 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
             logger.error('Invalid provider config');
             throw new InvalidProviderConfigError({ provider });
         }
+        const redirectUrl = new Url(env['PUBLIC_URL']).addPath('auth', 'login', provider, 'callback');
+        this.redirectUrl = redirectUrl.toString();
         this.config = config;
         this.roleMap = {};
         const roleMapping = this.config['roleMapping'];
@@ -95,6 +98,7 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
         const client = new issuer.Client({
             client_id: clientId,
             ...(!isPrivateKeyJwtAuthMethod && { client_secret: clientSecret }),
+            redirect_uris: [this.redirectUrl],
             response_types: ['code'],
             ...clientOptionsOverrides,
         }, isPrivateKeyJwtAuthMethod ? { keys: clientPrivateKeys } : undefined);
@@ -112,7 +116,7 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
     generateCodeVerifier() {
         return generators.codeVerifier();
     }
-    async generateAuthUrl(codeVerifier, prompt = false, callbackUrl) {
+    async generateAuthUrl(codeVerifier, prompt = false) {
         const { plainCodeChallenge } = this.config;
         try {
             const client = await this.getClient();
@@ -128,7 +132,6 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
                 // Some providers require state even with PKCE
                 state: codeChallenge,
                 nonce: codeChallenge,
-                redirect_uri: callbackUrl,
             });
         }
         catch (e) {
@@ -157,7 +160,7 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
             const codeChallenge = plainCodeChallenge
                 ? payload['codeVerifier']
                 : generators.codeChallenge(payload['codeVerifier']);
-            tokenSet = await client.callback(payload['callbackUrl'], { code: payload['code'], state: payload['state'], iss: payload['iss'] }, { code_verifier: payload['codeVerifier'], state: codeChallenge, nonce: codeChallenge });
+            tokenSet = await client.callback(this.redirectUrl, { code: payload['code'], state: payload['state'], iss: payload['iss'] }, { code_verifier: payload['codeVerifier'], state: codeChallenge, nonce: codeChallenge });
             userInfo = tokenSet.claims();
             if (client.issuer.metadata['userinfo_endpoint']) {
                 userInfo = {
@@ -326,17 +329,10 @@ export function createOpenIDAuthRouter(providerName) {
         const prompt = !!req.query['prompt'];
         const redirect = req.query['redirect'];
         const otp = req.query['otp'];
-        if (!isLoginRedirectAllowed(providerName, `${req.protocol}://${req.hostname}`, redirect)) {
+        if (isLoginRedirectAllowed(redirect, providerName) === false) {
             throw new InvalidPayloadError({ reason: `URL "${redirect}" can't be used to redirect after login` });
         }
-        const callbackUrl = generateCallbackUrl(providerName, `${req.protocol}://${req.get('host')}`);
-        const token = jwt.sign({
-            verifier: codeVerifier,
-            redirect,
-            prompt,
-            otp,
-            callbackUrl,
-        }, getSecret(), {
+        const token = jwt.sign({ verifier: codeVerifier, redirect, prompt, otp }, getSecret(), {
             expiresIn: (env[`AUTH_${providerName.toUpperCase()}_LOGIN_TIMEOUT`] ?? '5m'),
             issuer: 'directus',
         });
@@ -345,7 +341,7 @@ export function createOpenIDAuthRouter(providerName) {
             sameSite: 'lax',
         });
         try {
-            return res.redirect(await provider.generateAuthUrl(codeVerifier, prompt, callbackUrl));
+            return res.redirect(await provider.generateAuthUrl(codeVerifier, prompt));
         }
         catch {
             return res.redirect(new Url(env['PUBLIC_URL'])
@@ -369,7 +365,7 @@ export function createOpenIDAuthRouter(providerName) {
             const url = new Url(env['PUBLIC_URL']).addPath('admin', 'login');
             return res.redirect(`${url.toString()}?reason=${ErrorCode.InvalidCredentials}`);
         }
-        const { verifier, prompt, otp, callbackUrl } = tokenData;
+        const { verifier, prompt, otp } = tokenData;
         let { redirect } = tokenData;
         const accountability = createDefaultAccountability({ ip: getIPFromReq(req) });
         const userAgent = req.get('user-agent')?.substring(0, 1024);
@@ -391,7 +387,6 @@ export function createOpenIDAuthRouter(providerName) {
                 codeVerifier: verifier,
                 state: req.query['state'],
                 iss: req.query['iss'],
-                callbackUrl,
             }, { session: authMode === 'session', ...(otp ? { otp: String(otp) } : {}) });
         }
         catch (error) {

package/dist/auth/drivers/saml.js

@@ -12,9 +12,9 @@ import { respond } from '../../middleware/respond.js';
 import { AuthenticationService } from '../../services/authentication.js';
 import asyncHandler from '../../utils/async-handler.js';
 import { getConfigFromEnv } from '../../utils/get-config-from-env.js';
-import { LocalAuthDriver } from './local.js';
 import { getSchema } from '../../utils/get-schema.js';
-import { isLoginRedirectAllowed } from '../utils/is-login-redirect-allowed.js';
+import { isLoginRedirectAllowed } from '../../utils/is-login-redirect-allowed.js';
+import { LocalAuthDriver } from './local.js';
 // Register the samlify schema validator
 samlify.setSchemaValidator(validator);
 export class SAMLAuthDriver extends LocalAuthDriver {
@@ -95,7 +95,7 @@ export function createSAMLAuthRouter(providerName) {
         const parsedUrl = new URL(url);
         if (req.query['redirect']) {
             const redirect = req.query['redirect'];
-            if (!isLoginRedirectAllowed(providerName, `${req.protocol}://${req.hostname}`, redirect)) {
+            if (isLoginRedirectAllowed(redirect, providerName) === false) {
                 throw new InvalidPayloadError({ reason: `URL "${redirect}" can't be used to redirect after login` });
             }
             parsedUrl.searchParams.append('RelayState', redirect);
@@ -117,6 +117,9 @@ export function createSAMLAuthRouter(providerName) {
         const logger = useLogger();
         const relayState = req.body?.RelayState;
         const authMode = (env[`AUTH_${providerName.toUpperCase()}_MODE`] ?? 'session');
+        if (relayState && isLoginRedirectAllowed(relayState, providerName) === false) {
+            throw new InvalidPayloadError({ reason: `URL "${relayState}" can't be used to redirect after login` });
+        }
         try {
             const { sp, idp } = getAuthProvider(providerName);
             const { extract } = await sp.parseLoginResponse(idp, 'post', req);

package/dist/controllers/assets.js

@@ -1,10 +1,12 @@
 import { useEnv } from '@directus/env';
-import { InvalidQueryError, RangeNotSatisfiableError } from '@directus/errors';
+import { InvalidPayloadError, InvalidQueryError, RangeNotSatisfiableError } from '@directus/errors';
 import { TransformationMethods } from '@directus/types';
-import { parseJSON } from '@directus/utils';
+import { getDateTimeFormatted, parseJSON } from '@directus/utils';
 import contentDisposition from 'content-disposition';
 import { Router } from 'express';
 import { merge, pick } from 'lodash-es';
+import * as z from 'zod';
+import { fromZodError } from 'zod-validation-error';
 import { ASSET_TRANSFORM_QUERY_KEYS, SYSTEM_ASSET_ALLOW_LIST } from '../constants.js';
 import getDatabase from '../database/index.js';
 import { useLogger } from '../logger/index.js';
@@ -15,9 +17,44 @@ import asyncHandler from '../utils/async-handler.js';
 import { getCacheControlHeader } from '../utils/get-cache-headers.js';
 import { getConfigFromEnv } from '../utils/get-config-from-env.js';
 import { getMilliseconds } from '../utils/get-milliseconds.js';
+import { isValidUuid } from '../utils/is-valid-uuid.js';
 const router = Router();
 const env = useEnv();
 router.use(useCollection('directus_files'));
+router.post('/folder/:pk', asyncHandler(async (req, res) => {
+    const service = new AssetsService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    const { archive, complete, metadata } = await service.zipFolder(req.params['pk']);
+    res.setHeader('Content-Type', 'application/zip');
+    res.setHeader('Content-Disposition', `attachment; filename="folder-${metadata['name'] ? metadata['name'] : 'unknown'}-${getDateTimeFormatted()}.zip"`);
+    archive.pipe(res);
+    await complete();
+}));
+router.post('/files/', asyncHandler(async (req, res) => {
+    const service = new AssetsService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    const { error, data } = z
+        .object({
+        ids: z
+            .array(z.string().refine((v) => isValidUuid(v), {
+            error: '"id" must be a uuid',
+        }))
+            .min(1),
+    })
+        .safeParse(req.body);
+    if (error) {
+        throw new InvalidPayloadError({ reason: fromZodError(error).message });
+    }
+    const { archive, complete } = await service.zipFiles(data.ids);
+    res.setHeader('Content-Type', 'application/zip');
+    res.setHeader('Content-Disposition', `attachment; filename="files-${getDateTimeFormatted()}.zip"`);
+    archive.pipe(res);
+    await complete();
+}));
 router.get('/:pk/:filename?', 
 // Validate query params
 asyncHandler(async (req, res, next) => {

package/dist/controllers/mcp.js

@@ -1,6 +1,6 @@
 import { ForbiddenError } from '@directus/errors';
 import { Router } from 'express';
-import { DirectusMCP } from '../mcp/index.js';
+import { DirectusMCP } from '../ai/mcp/index.js';
 import { SettingsService } from '../services/settings.js';
 import asyncHandler from '../utils/async-handler.js';
 const router = Router();

package/dist/database/migrations/20240806A-permissions-policies.js

@@ -6,8 +6,8 @@ import { fetchPermissions } from '../../permissions/lib/fetch-permissions.js';
 import { fetchPolicies } from '../../permissions/lib/fetch-policies.js';
 import { fetchRolesTree } from '../../permissions/lib/fetch-roles-tree.js';
 import { getSchema } from '../../utils/get-schema.js';
-import { getSchemaInspector } from '../index.js';
 import { mergePermissions } from '../../permissions/utils/merge-permissions.js';
+import { getSchemaInspector } from '../index.js';
 async function fetchRoleAccess(roles, context) {
     const roleAccess = {
         admin_access: false,
@@ -184,7 +184,7 @@ export async function down(knex) {
     // role permissions to be inserted once all processing is completed
     const rolePermissions = [];
     for (const role of roles) {
-        const roleTree = await fetchRolesTree(role.id, knex);
+        const roleTree = await fetchRolesTree(role.id, { knex });
         let roleAccess = null;
         if (role.id !== null) {
             roleAccess = await fetchRoleAccess(roleTree, context);

package/dist/database/migrations/20251103A-add-ai-settings.d.ts

@@ -0,0 +1,3 @@
+import type { Knex } from 'knex';
+export declare function up(knex: Knex): Promise<void>;
+export declare function down(knex: Knex): Promise<void>;

package/dist/database/migrations/20251103A-add-ai-settings.js

@@ -0,0 +1,14 @@
+export async function up(knex) {
+    await knex.schema.alterTable('directus_settings', (table) => {
+        table.text('ai_openai_api_key');
+        table.text('ai_anthropic_api_key');
+        table.text('ai_system_prompt');
+    });
+}
+export async function down(knex) {
+    await knex.schema.alterTable('directus_settings', (table) => {
+        table.dropColumn('ai_openai_api_key');
+        table.dropColumn('ai_anthropic_api_key');
+        table.dropColumn('ai_system_prompt');
+    });
+}

package/dist/database/run-ast/run-ast.js

@@ -48,7 +48,7 @@ export async function runAst(originalAST, schema, accountability, options) {
         if (!rawItems)
             return null;
         // Run the items through the special transforms
-        const payloadService = new PayloadService(collection, { knex, schema });
+        const payloadService = new PayloadService(collection, { accountability, knex, schema });
         let items = await payloadService.processValues('read', rawItems, query.alias ?? {}, query.aggregate ?? {});
         if (!items || (Array.isArray(items) && items.length === 0))
             return items;

package/dist/extensions/lib/installation/manager.js

@@ -63,11 +63,9 @@ export class InstallationManager {
                 }
                 await queue.onIdle();
             }
-            else {
-                // No custom location, so save to regular local extensions folder
-                const dest = join(this.extensionPath, '.registry', versionId);
-                await move(join(tempDir, extractedPath), dest, { overwrite: true });
-            }
+            // move to regular local extensions folder
+            const dest = join(this.extensionPath, '.registry', versionId);
+            await move(join(tempDir, extractedPath), dest, { overwrite: true });
         }
         catch (err) {
             logger.warn(err);
@@ -92,9 +90,7 @@ export class InstallationManager {
             }
             await queue.onIdle();
         }
-        else {
-            const path = join(this.extensionPath, '.registry', folder);
-            await remove(path);
-        }
+        const path = join(this.extensionPath, '.registry', folder);
+        await remove(path);
     }
 }

package/dist/extensions/lib/sync/status.d.ts

@@ -0,0 +1,11 @@
+export declare const SyncStatus: {
+    readonly SYNCING: "SYNCING";
+    readonly IDLE: "IDLE";
+};
+export type SyncStatus = keyof typeof SyncStatus;
+export declare function getSyncStatus(): Promise<SyncStatus>;
+export declare function setSyncStatus(status: SyncStatus): Promise<void>;
+/**
+ * Checks the filesystem lock file if we are currently synchronizing
+ */
+export declare function isSynchronizing(): Promise<boolean>;

package/dist/extensions/lib/sync/status.js

@@ -0,0 +1,34 @@
+/**
+ * Utility functions to write a `.status` file on the filesystem to indicate active synchronization
+ */
+import { join } from 'node:path';
+import { exists } from 'fs-extra';
+import { writeFile, rm } from 'node:fs/promises';
+import { getExtensionsPath } from '../get-extensions-path.js';
+export const SyncStatus = {
+    SYNCING: 'SYNCING',
+    IDLE: 'IDLE',
+};
+export async function getSyncStatus() {
+    const statusFilePath = join(getExtensionsPath(), '.status');
+    if (await exists(statusFilePath)) {
+        return SyncStatus.SYNCING;
+    }
+    return SyncStatus.IDLE;
+}
+export async function setSyncStatus(status) {
+    const statusFilePath = join(getExtensionsPath(), '.status');
+    if (status === SyncStatus.SYNCING) {
+        await writeFile(statusFilePath, '');
+    }
+    else {
+        await rm(statusFilePath);
+    }
+}
+/**
+ * Checks the filesystem lock file if we are currently synchronizing
+ */
+export async function isSynchronizing() {
+    const status = await getSyncStatus();
+    return status === SyncStatus.SYNCING;
+}

package/dist/extensions/lib/sync/sync.d.ts

@@ -0,0 +1,6 @@
+export type ExtensionSyncOptions = {
+    forceSync?: boolean;
+    partialSync?: string;
+    skipSync?: boolean;
+};
+export declare function syncExtensions(options?: ExtensionSyncOptions): Promise<void>;